pfSense 1.2.1, a maintenance and bug-fix update of the FreeBSD-based mini-firewall system, has been released: "The pfSense team has a Christmas present for you all - the 1.2.1 final release. The only changes since RC4: fixed problem preventing RIP from starting; fixed broken link in VLAN reboot notification; fixed problem with SSL certificate generation. This is a strictly a maintenance release, meaning it contains only bug fixes in the pfSense code, no new features. Though we also upgraded the base operating system from FreeBSD 6.2 to 7.0, which necessitated numerous changes in how things were configured. The change to FreeBSD 7.0 brings improved performance and more hardware support." Read the complete release announcement for further information. Download the installation CD from here: pfSense-1.2.1-LiveCD-Installer.iso (49.2MB, MD5).

pfSense is a m0n0wall-derived operating system. It uses Packet Filter, FreeBSD 6.x (or DragonFly BSD when ALTQ and CARP is finished), ALTQ for excellent packet queuing, and an integrated package management system for extending the environment with new features.

Chris Buechler has announced the release of pfSense 2.2.4, a FreeBSD-based firewall solution. The new release mostly includes bug fixes and security updates. The bug fixes include patches to prevent cross-site scripting attacks against the web interface, a fix for a TCP resource exhaustion attack and enhancements to prevent file corruption during unclean shutdowns. Buechler points out that a recent patch to FreeBSD's OpenSSL implementation was not needed as pfSense did not ship the vulnerable version of the OpenSSL software. "As always, you can upgrade from any previous version straight to 2.2.4. For those already running any 2.2.x version, this is a low risk upgrade. This is a high priority upgrade for those using IPsec on 2.2.x versions. For those on 2.1.x or earlier versions, there are a number of significant changes which may impact you." The release announcement has more details and a full list of changes since the last version of pfSense can be found in the New Features and Changes document. Downloads: pfSense-LiveCD-2.2.4-RELEASE-amd64.iso.gz (99MB, SHA256).

Chris Buechler has announced the release of pfSense 2.2.3, a security and bug-fix update of the specialist operating system designed for firewalls and routers, based on FreeBSD: "pfSense software version 2.2.3 release is now available, bringing a number of bug fixes and some security updates. Security fixes: multiple XSS vulnerabilities in the pfSense WebGUI, the complete list of affected pages and fields is large and all are listed in the linked SA; multiple OpenSSL vulnerabilities (including Logjam). The bug fixes and changes in this release are detailed here. As always, you can upgrade from any previous version straight to 2.2.3. For those already running any 2.2x version, this is a low-risk upgrade. This is a high-priority upgrade for those using IPsec on 2.2x versions. For those on 2.1.x or earlier versions, there are a number of significant changes which may impact you. Pay close attention to the 2.2 upgrade notes for the details." Here is the brief release announcement. Download links: pfSense-LiveCD-2.2.3-RELEASE-amd64.iso.gz (83.2MB, SHA256), pfSense-LiveCD-2.2.3-RELEASE-i386.iso.gz (78.5MB, SHA256).

Chris Buechler has announced the release of pfSense 2.2.2, the latest update of the FreeBSD-based operating system made for firewalls and routers, providing several security fixes: "pfSense software version 2.2.2 release is now available, bringing a number of bug fixes and a couple low-risk security updates that don't apply to most users. This release includes two low-risk security updates. FreeBSD-SA-15:09.ipv6 - denial of Service with IPv6 router advertisements. Where a system is using DHCPv6 WAN type, devices on the same broadcast domain as that WAN can send crafted packets causing the system to lose IPv6 Internet connectivity. FreeBSD-SA-15:06.openssl - multiple OpenSSL vulnerabilities. Most aren't applicable, and the worst impact is denial of service. As always, you can upgrade from any previous version straight to 2.2.2. For those already running any 2.2x version, this is a low-risk upgrade. This is a high priority upgrade for those using IPsec on 2.2x versions." See the release announcement for full details. Download: pfSense-LiveCD-2.2.2-RELEASE-amd64.iso.gz (83.2MB, SHA256), pfSense-LiveCD-2.2.2-RELEASE-i386.iso.gz (78.4MB, SHA256).

Chris Buechler has announced the release of pfSense 2.2.1, a security and bug-fix update of the project's FreeBSD-based specialist operating system for firewalls and routers: "pfSense software 2.2.1 release is now available, bringing a number of bug fixes and some security fixes. Security fixes: pfSense-SA-15_02.igmp - integer overflow in IGMP protocol; pfSense-SA-15_03.webgui - multiple XSS vulnerabilities in the pfSense WebGUI; pfSense-SA-15_04.webgui - arbitrary file deletion vulnerability in the pfSense WebGUI; FreeBSD-EN-15:01.vt - vt(4) crash with improper ioctl parameters; FreeBSD-EN-15:02.openssl - update to include reliability fixes from OpenSSL. A note on the OpenSSL 'FREAK' vulnerability: does not affect the web server configuration on the firewall as it does not have export ciphers enabled. pfSense 2.2 already included OpenSSL 1.0.1k which addressed the client-side vulnerability. If packages include a web server or similar component, such as a proxy, an improper user configuration may be affected. Consult the package documentation or forum for details." See the complete release announcement for further information. Download: pfSense-LiveCD-2.2.1-RELEASE-amd64.iso.gz (83.1MB, SHA256), pfSense-LiveCD-2.2.1-RELEASE-i386.iso.gz (78.4MB, SHA256).

Chris Buechler has announced the release of pfSense 2.2, a major new update of the project's FreeBSD-based specialist operating system for firewalls and routers: "I'm happy to announce the release of pfSense software version 2.2. This release brings improvements in performance and hardware support from the FreeBSD 10.1 base, as well as enhancements we've added such as AES-GCM with AES-NI acceleration, among a number of other new features and bug fixes. In the process of reaching release, we've closed out 392 total tickets (this number includes 55 features or tasks), fixed 135 bugs affecting 2.1.5 and prior versions, fixed another 202 bugs introduced in 2.2 by advancing the base OS version from FreeBSD 8.3 to 10.1, changing IPsec keying daemons from racoon to strongSwan, upgrading the PHP backend to version 5.5 and switching it from FastCGI to PHP-FPM, and adding the Unbound DNS Resolver, and many smaller changes." Read the rest of the release announcement for a complete list of changes and new features. Download links: pfSense-LiveCD-2.2-RELEASE-amd64.iso.gz (84.2MB, SHA256), pfSense-LiveCD-2.2-RELEASE-i386.iso.gz (79.5MB, SHA256).

Jared Dillard has announced the release of pfSense 2.1.4, a free network firewall distribution based on FreeBSD: "2.1.4 follows very shortly after 2.1.3 and is primarily a security release. Packages also had their own independent fixes and need updating. During the firmware update process the packages will be re-installed properly. Otherwise, uninstall and then re-install packages to ensure that the latest version of the binaries is in use. Other fixes: patch for Captive Portal pipeno leaking issue which leads to the 'Maximum login reached' on Captive Portal; remove text not relevant to Allowed IPs on the Captive Portal; remove units from burst as it is always specified in bytes; add column for internal port on UPnP status page; make listening on interface rather than IP optional for UPnP...." See the release announcement and release notes for more details. Download: pfSense-LiveCD-2.1.4-RELEASE-amd64.iso.gz (92MB, SHA256).

Jim Thompson has announced the release of pfSense 2.1.1, a free network firewall distribution based on FreeBSD with a customised kernel and free third-party software packages for additional functionality: "I'm happy to announce the release of pfSense 2.1.1. The largest change is to close the following security issues / CVEs: FreeBSD-SA-14:01.bsnmpd / CVE-2014-1452; FreeBSD-SA-14:02.ntpd / CVE-2013-5211; FreeBSD-SA-14:03.openssl / CVE-2013-4353, CVE-2013-6449, CVE-2013-6450. Other than these, the em/igb/ixgb/ixgbe drivers have been upgraded to add support for i210 and i354 NICs. Some Intel 10Gb Ethernet NICs will also see improved performance." Follow the release announcement and the detailed release notes for further information. Download: pfSense-LiveCD-2.1.1-RELEASE-amd64.iso.gz (92MB, SHA256).

Chris Buechler has announced the release of pfSense 2.1, a free, open-source and customised distribution of FreeBSD tailored for use as a firewall and router: "I'm proud to announce the release of pfSense 2.1, and our new Gold subscription. The 2.1 book and our AutoConfigBackup service, available for years to support subscribers, are immediately available today to Gold subscribers. This release brings many new features, with the biggest change being IPv6 support in almost every portion of the system. There are also a number of bug fixes and touch-ups in general. Three FreeBSD security advisories are applicable to prior pfSense releases. These aren't remotely exploitable in and of themselves, but anyone who can execute arbitrary code on your firewall could use one or more of these to escalate privileges." See the detailed release announcement for a complete list of changes, new features, bug fixes and package updates. Download links: pfSense-LiveCD-2.1-RELEASE-amd64.iso.gz (90.4MB, SHA256), pfSense-LiveCD-2.1-RELEASE-i386.iso.gz (77.6MB, SHA256).

Chris Buechler has announced the release of pfSense 2.0.3, an updated version of the FreeBSD-based operating system for firewalls: "I'm happy to announce the release of pfSense 2.0.3. This is a maintenance release with some bug and security fixes since 2.0.2 release. You can upgrade from any previous release to 2.0.3. Changelog: updated to OpenSSL 0.9.8y; fix XSS in IPsec log possible from users possessing shared key or valid certificate; fix obtaining DNS servers from PPP type WANs (PPP, PPPoE, PPTP, L2TP); fix captive portal redirect URL trimming; voucher sync fixes; captive portal pruning/locking fixes; fix problem with fastcgi crashing which caused CP issues on 2.0.2; clear the route for an OpenVPN endpoint IP when restarting the VPN, to avoid a situation where a learned route from OSPF or elsewhere could prevent an instance from restarting properly...." See the detailed release announcement for a complete list of security and bug fixes. Download: pfSense-2.0.3-RELEASE-amd64.iso.gz (88.0MB, SHA256), pfSense-2.0.3-RELEASE-i386.iso.gz (76.6MB, SHA256).